Accessible content reputation lookup

ABSTRACT

Implementations of accessible content reputation lookup are described. In one implementation, before a user activates a link in a document, such as a hyperlink on a webpage, the user can designate the link. For example, the user can float a cursor over the link or interact with an icon placed proximate to the link. By designating the link, the user can request reputation information associated with the link, including information as to whether or not content associated with the link, an application used to access the content, and/or source(s) on which the content resides, are known to be dangerous or risky. If the reputation information indicates that the link is safe to activate, the user can activate the link and access the content. Alternately, if the reputation information indicates that the link is unsafe to access, the user can choose to forego activation of the link.

BACKGROUND

Users of computing-based devices have become accustomed to the benefits of interacting with documents having links to related content. For instance, a news page on the Internet can include a report having numerous links to more detailed information on persons or other entities mentioned in the report. In this way, the report can be very concise, yet still afford readers the opportunity to explore a wide variety of related content from other sources.

Unfortunately, however, by following links, accessing information, or downloading software from other sources, users can often open up their computing-based devices to attack. For example, by blindly following a link on a webpage a user can unwittingly access a dangerous website, such as a phishing website or a website disseminating malicious software, such as malware.

SUMMARY

Implementations of accessible content reputation lookup are described. In one implementation, before a user activates a link in a document, such as a hyperlink on a webpage, the user can designate the link. For example, the user can float a cursor over the link or interact with an icon placed proximate to the link. By designating the link, the user can request reputation information associated with the link, including information as to whether or not content and applications associated with the link, and/or source(s) on which the content resides, are known to be dangerous or risky.

If the reputation information indicates that the link is safe to activate, the user can activate the link and access the content. Alternately, if the reputation information indicates that the link is unsafe to access, the user can choose to forego activation of the link.

This summary is provided to introduce a selection of concepts that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items.

FIG. 1 illustrates an exemplary environment in which accessible content reputation lookup may be implemented.

FIG. 1 a illustrates a tag that can be used with embodiments of accessible content reputation lookup.

FIG. 1 b illustrates a pull down menu that can be used with embodiments of accessible content reputation lookup.

FIG. 2 illustrates an exemplary client device on which accessible content reputation lookup may be implemented.

FIG. 3 illustrates an exemplary reputation server on which reputation information may be stored.

FIG. 4 illustrates an exemplary process for identifying links to accessible content for which reputation information is available.

FIG. 5 illustrates an exemplary process for accessible content reputation lookup.

FIG. 6 illustrates another exemplary process for accessible content reputation lookup.

DETAILED DESCRIPTION

This disclosure is directed to techniques for accessible content reputation lookup. More particularly, the techniques described herein involve allowing a user to request reputation information associated with a link in a document—such as a link to content outside of the document—before the user activates the link. The reputation information can include a reputation of content associated with the link, a reputation of one or more applications used to access content associated with the link, and/or a reputation of one or more sources on which the content can be stored.

For example, a user can instigate retrieval of reputation information associated with a specific link on a webpage by floating a cursor over the link or by interacting with an icon proximate the link. Based on the returned reputation information, the user can decide if it is safe to activate the link and access content and/or one or more sources associated with the link.

Exemplary Environment

FIG. 1 illustrates an exemplary environment 100 in which accessible content reputation lookup may be implemented. Environment 100 includes a client device 102 which can be placed in communication with a variety of computing-based devices 104A-N via a network 106. Client device 102 can include any computing-based device which can be used to access a document 108. For example, client device 102 can include a server, a game console, a desktop PC, a notebook or portable computer, a workstation, a mainframe computer, an Internet appliance, a mobile phone, a personal digital assistant (PDA), a printer, and so on. Similarly document 108 can include any file or data structure through which information may be presented to a user. Thus document 108 can include various files associated with applications such as word processors, spreadsheets, web browsers, instant messaging applications, email applications, and so on.

Network 106 can include any wired and/or wireline coupling known in the art capable of placing two or more computing-based devices in electronic communication. Examples of network 106 include a local area network (LAN), a wide area network (WAN), the Internet, a conventional telephone network, a cellular network, any combination thereof, etc.

Devices 104A-N with which client device 102 may communicate include any computing-based devices known in the art. For example, devices 104A-N can include a server 104A, a PC 104B, a storage device 104C, a laptop 104N, and so on.

As shown, document 108 can include links 110A-N through which a user interacting with document 108 can access a wide variety of content on client device 102 and devices 104A-N. Links 110A-N can include pluggable protocols, and any other mechanisms or methods known in the art through which a user viewing document 108 can be given an option to access content from various sources. For instance, a user interacting with document 108 can activate a link 110A-N to access content residing on client device 102 and/or devices 104A-N, such as a uniform resource locator (URL), a file for a word processing application, a file for a spreadsheet application, an image file, an audio file, a video file, a binary download (including an executable file such as a .exe file), and so on.

Unfortunately, however, the user at client device 102 may have no reputation information regarding the trustworthiness of either the content, applications used to access the content, or devices on which the content may reside. Thus, by haphazardly activating links 110A-N the user can blindly access dangerous content, applications, and/or sources, subjecting client device 102 to unacceptable risks, such as infection by malware, tampering by outside entities, and release of sensitive files or settings from client device 102.

For example, some of devices 104A-N could have strong histories of disseminating malware. Similarly, some of devices 104A-N could be well-known for long access times. Conversely, some of devices 104A-N could be known as secure sites with excellent reputations for disseminating safe content free from malware.

Moreover, some content accessible via links 110A-N may have important associated history. For instance, it may be well-known that some content associated with links 110A-N is of poor quality, or includes malware. Alternately, some content associated with other links 110A-N may be well-known for being safe, and being devoid of malware.

Similarly, applications launched to access content once links 110A-N are activated may have associated histories. For example, a media player or web browser associated with activation of link 110A-N may be obsolete, incompatible with the content, or otherwise have exhibited various defects and/or undesirable attributes. Alternately, an application associated with activation of link 110A-N may be safe and devoid of undesirable attributes. The term “application”, as used herein, can include software modules.

The histories of devices 104A-N, as well as the histories of content associated with links 110A-N, and the histories of applications associated with links 110A-N can be collected and saved as reputation information. Reputation information can include historical information from previous interactions with devices 104A-N by users at device 102, as well as historical information from previous interactions with devices 104A-N by users at other computing based-devices. Further, reputation information can include ratings of content and devices 104A-N compiled by ratings organizations and/or other interested parties. Thus, reputation information can include any information that might allow a user at client device 102 to assess a risk of activating a link 110A-N and interacting with content, applications, and/or sources associated with link 110A-N.

Reputation information can be stored in one or more of several locations. For example, in one implementation, reputation information can be stored on a reputation server 112 coupled to client device 102 by network 106. Reputation server 112 can include any computing-based device known in the art, including a server, a desktop PC, a notebook or portable computer, a workstation, a mainframe computer, an Internet appliance, a storage device, and so on.

In another possible implementation, reputation information can be stored in memory on client device 102. In still another possible implementation, reputation information can be stored on both client device 102 and reputation server 112. For example, a cache storing reputation information on client device 102 can periodically synchronize itself with a cache storing reputation information on reputation server 112. Alternately, the cache on client device 102 can store a subset of reputation information stored on reputation server 112, such as reputation information which is frequently accessed from server 112 by client device 102, or reputation information having a character that doesn't often change.

In one implementation, when a user accesses document 108 on client device 102, a content reputation (CR) module 114 processes document 108 to identify links 110A-N for which reputation information is available. For instance, CR module 114 can identify links 110A-N for which reputation information regarding associated devices 104A-N and/or content is available and distinguish those links from other links. In one possible implementation, CR module 114 can scan document 108 and upon detecting a link 110A-N, CR module 114 can effect a query of a local cache (if one exists) on client device 102 and/or a remote cache on reputation server 112 and attempt to find reputation information associated with the link. This can be done link by link until all links 110A-N in document 108 have been investigated.

Links 110A-N having corresponding reputation information can then be identified by CR module 114. Identification of links 110A-N can be accomplished in many ways. For example, links 110A-N for which reputation information is available can be set off in a color different from that of other links 110A-N for which reputation information is not available. Alternately, links 110A-N for which reputation information is available can be highlighted by any way known in the art. In still another possible implementation, icons such as tags can be placed proximate to links 110A-N for which reputation information is available. Such icons can be activated to reveal pull down menus, as will be discussed in more detail in conjunction with FIGS. 1 a and 1 b below.

Alternately, in another possible implementation, CR module 114 can ignore a status of links 110A-N with regard to availability of reputation information. For example, all links 110A-N can be indicated as normal links in document 108.

To request reputation information for a link 110A-N, a user need only designate link 110A-N. For instance, the user can float a cursor over link 110A-N without clicking link 110A-N. Alternately, the user can place a cursor over link 110A-N and hit a mouse button or keyboard button not associated with activation of link 110A-N. In still another possible implementation, the user can interact with an icon proximate to link 110A-N.

Designation of link 110A-N in this way stimulated CR module 114 to instigate retrieval of reputation information associated with link 110A-N and display the reputation information to a user at client device 102. For example, CR module 114 can query reputation server 112 for reputation information associated with designated link 110A-N. Alternately, if a local cache exists on client device 102 in which reputation information is stored, CR module 114 can query the local cache for reputation information associated with designated link 110A-N. If this fails to produce the desired reputation information, CR module 114 can query reputation server 112 for the reputation information.

Once reputation information is received for designated link 110A-N, the reputation information can be displayed in any way known in the art. For example, the reputation information can be presented in a pop up window. Alternately, the reputation information can be presented in a margin proximate to designated link 110A-N. In yet another possible implementation, the reputation information can be displayed in a pull down menu.

In the event that no reputation information exists for a designated link 110A-N, CR module 114 can present information to that effect. For example, using the methods described above, CR module 114 can return one or more messages such as “no reputation information exists for this link”, “no reputation information exists for content accessible via activation of this link”, “no reputation information exists for applications associated with this link”, and “no reputation information exists for source(s) associated with this link”.

When no reputation information for designated link 110A-N is accessible, or when the reputation information for designated link 110A-N indicates a risk of activating link 110A-N, CR module 114 can present users at client device 102 with a warning advising them to forego activating designated link 110A-N, or to activate designated link 110A-N at their own risk.

FIG. 1 a illustrates the use of an icon to indicate a link 110A-N for which reputation information is available. As shown, a tag 116 has been placed proximate link 110C for which reputation information is available. It will be understood that link 110C is only used as an example. Tag 116 could be used in conjunction with any of links 110A-N.

Additionally, in the implementation shown, tag 116 has been placed above and to the left end of link 110C. It will be understood, however, that tag 116 can be placed anywhere relative to link 110C so long as it is clear to a user that tag 116 corresponds to link 110C. For example, tag 116 can be placed above and to the right end of link 110C, below and to the left end of link 110C, on either side of link 110C, and so on.

FIG. 1 b. illustrates reputation information that can be displayed when tag 116 is activated. For example, when a user wishes to see reputation information associated with link 110C, the user can interact with tag 116, such as by clicking tag 116, and a pull down menu such as pull down menu 118 can be displayed. Pull down menu 118 can include any known reputation information regarding content, applications, and sources (such as device(s) 104A-N, on which the content may reside) with which link 110C is associated.

For example, pull down menu 118 can indicate categories of problems concerning content, applications, and/or device(s) 104A-N associated with link 110C. As shown in FIG. 1 b, the URL associated with link 110C can be reported as having a reputation of being a phishing site. Further, pull down menu 118 can indicate whether or not access to device(s) 104A-N with which link 110C is associated is blocked. For example, if the reputation information associated with link 110C indicates that link 110C is unsafe to follow, the user can be blocked from activating link 110C. Pull down menu 118 can also include a prompt allowing the user to override a block placed on accessing link 110C (if such a block exists).

Customer ratings of content, applications, and devices 104A-N with which link 110C is associated can also be included in pull down menu 118. Additionally, a prompt allowing the user to suggest augmentations or corrections to the reputation information can be included in pull down menu 118. Further, pull down menu 118 can allow the user to indicate that link 110C should no longer be identified by CR module 114 as a link for which reputation information exists.

Exemplary Client Device

FIG. 2 illustrates various components of client device 102 according to one embodiment of accessible content reputation lookup. Client device 102 can include one or more processor(s) 200, a memory 202, input/output (I/O) devices 204 (e.g., keyboard, display, and mouse), and a system bus 206 operatively coupling the various components of client device 102.

System bus 206 represents any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor bus or local bus using any of a variety of bus architectures. By way of example, such architectures can include an industry standard architecture (ISA) bus, a micro channel architecture (MCA) bus, an enhanced ISA (EISA) bus, a video electronics standards association (VESA) local bus, a peripheral component interconnects (PCI) bus also known as a mezzanine bus, a PCI express bus, a universal serial bus (USB), a secure digital (SD) bus, and an IEEE 1394 (i.e., FireWire) bus.

Memory 202 can include computer-readable media in the form of volatile memory, such as RAM and/or non-volatile memory, such as ROM, or flash RAM. Memory 202 can also include data and program modules for implementing accessible content reputation lookup which are immediately accessible to, and presently operated on, by processor(s) 200.

Memory 202 can include programs 208 and data 210. Programs 208 can include content reputation (CR) module 114 as well as other programs 212, including, web browsing applications, instant messaging applications, word processing applications, spreadsheet applications, etc. For example, other programs 212 can include applications associated with links 110A-N, such as applications configured to access content when links 110A-N are activated.

Data 210 can include a content reputation cache 214 and other data 216, such as data associated with a general functioning of one or more programs—such as CR module 114 and other programs(s) 212.

CR module 114 includes a content recognition module 218 and a customer action module 220. In operation, once a user accesses document 108, such as by opening a web browser, an email, a word processing file, and so on, content recognition module 218 can process document 108 to identify any links 110A-N for which reputation information is available. For example, content recognition module 218 can stimulate customer action module 220 to perform queries for each link 110A-N in document 108 to see if corresponding reputation information exists in content reputation cache 214 and/or on reputation server 112. Alternately, content recognition module 218 can itself perform queries for each link 110A-N in document 108 to see if corresponding reputation information exists in content reputation cache 214 and/or on reputation server 112.

If reputation information for a link 110A-N is found, content recognition module 218 can distinguish link 110A-N from other links 110A-N for which reputation information is not available in a variety of ways. For example, content recognition module 218 can present links 110A-N for which reputation information is accessible in a color different from that of other links 110A-N for which reputation information is not available. Alternately, content recognition module 218 can cause links 110A-N for which reputation information is available to be highlighted by any way known in the art. In still another possible implementation, content recognition module 218 can cause icons such as tag 116, to be placed proximate to links 110A-N for which reputation information is available.

It will be understood that content reputation module 114 can also exist without content recognition module 218. For example, CR module 114 can ignore a status of links 110A-N with regard to availability of reputation information. For example, all links 110A-N can be indicated as normal links in document 108.

Whether links 110A-N have been processed by content recognition module 218 or not, customer action (CA) module 220 can allow users viewing document 108 to look up reputation information for one or more links 110A-N without having to activate links 110A-N.

In one implementation, CA module 220 enables a user to request reputation information for a link 110A-N, by allowing the user to designating link 110A-N. For example, the user can float a cursor over link 110A-N without clicking link 110A-N. Alternately, the user can place a cursor over the link 110A-N and hit a mouse button or keyboard button not associated with activation of link 110A-N. In still another possible implementation, the user can interact with an icon, such as tag 116, proximate to link 110A-N.

Once link 110A-N in designated, CA module 220 begins retrieval of reputation information associated with link 110A-N and displays the reputation information to the user. For example, CA module 220 can query content reputation cache 214 and/or reputation server 112 for reputation information associated with the designated link 110A-N. In one implementation, CA module 220 first queries content reputation cache 214 for reputation information associated with the designated link 110A-N. If reputation information associated with the designated link 110A-N cannot be found at content reputation cache 214, CA module 220 subsequently queries reputation server 112 for the reputation information.

Once CA module 220 receives reputation information for designated link 110A-N, the reputation information can be displayed in any way known in the art. For example, CA module 220 can effect the presentation of the reputation information in a pop up window, a pull down menu, or in a margin in document 108 proximate to designated link 110A-N.

In one possible implementation, if the reputation for designated link 110A-N indicates a risk to client device 102 of activating designated link 110A-N, CA module 220 can block the user from activating designated link 110A-N. CA module 220 can also present the user with an option to override this function, and activate designated link 110A-N despite the risk.

In the event that no reputation information exists for a designated link 110A-N, CA module 220 can present of information to this effect to a user and also include a warning advising the user to forego activation of designated link 110A-N. Alternately, CA module 220 can present a warning to the user to activate designated link 110A-N at the user's own risk.

Further, CA module 220 can present the user with an option to report a mistake with the presented reputation information and/or make changes to the reputation information. For example, if reputation information returned for designated link 110A-N is clearly erroneous, CA module 220 can allow the user can report it as such. CA module 220 can also allow the user to enter corrections to the reputation information.

Exemplary Reputation Server

FIG. 3 illustrates various components of reputation server 112 in accordance with one embodiment of accessible content reputation lookup. Reputation server 120 can include one or more processor(s) 300, a memory 302, input/output (I/O) devices 304 (e.g., keyboard, display, and mouse), and a system bus 306 operatively coupling the various components of reputation server 112.

System bus 306 represents any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor bus or local bus using any of a variety of bus architectures. By way of example, such architectures can include an industry standard architecture (ISA) bus, a micro channel architecture (MCA) bus, an enhanced ISA (EISA) bus, a video electronics standards association (VESA) local bus, a peripheral component interconnects (PCI) bus also known as a mezzanine bus, a PCI express bus, a universal serial bus (USB), a secure digital (SD) bus, and an IEEE 1394 (i.e., FireWire) bus.

Memory 302 can include computer-readable media in the form of volatile memory, such as RAM and/or non-volatile memory, such as ROM, or flash RAM. Memory 302 can also include data and program modules for implementing accessible content reputation lookup which are immediately accessible to, and presently operated on, by processor(s) 300.

Memory 302 can include programs 308 and data 310. Programs 308 can include programs such as file sharing applications, web browsing applications, word processing applications, spreadsheet applications, etc. Data 310 can include a reputation cache 312 and other data 314, such as data associated with a general functioning of one or more programs—such as programs(s) 308.

Reputation cache 312 can include reputation information associated with one or more links 110A-N. In one implementation, reputation information for a given link 110A-N includes information regarding a risk of activating link 110A-N. For example, reputation information can include historical information for content, applications, and sources associated with link 110A-N. This historical information can include access times for content and sources associated with link 110A-N as well as known reputations for content, applications, and sources associated with link 110A-N (for example, if a source, application, or content is known to be secure or not, or if a source, application, or content is known to disseminate malware or not).

Reputation information stored in reputation cache 312 can be derived from previous interactions with devices 104A-N by users at device 102, as well as from previous interactions with devices 104A-N by users at other computing based-devices. Further, reputation information stored in reputation cache 312 can include ratings of content, applications, and devices 104A-N compiled by ratings organizations and/or other interested parties.

As noted above, all or part of the reputation information stored in reputation cache 312 can be the same as reputation information stored in content reputation cache 214. For example, reputation cache 312 can be periodically synchronized with content reputation cache 214.

Exemplary Methods

FIGS. 4-6 illustrate exemplary methods for implementing aspects of accessible content reputation lookup. The methods are illustrated as a collection of blocks in a logical flow graph representing a sequence of operations that can be implemented in hardware, software, firmware or a combination thereof. The order in which the methods are described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the methods, or alternate methods. Additionally, individual blocks may be deleted from the methods without departing from the spirit and scope of the subject matter described therein. In the context of software, the blocks can represent computer instructions that, when executed by one or more processors, perform the recited operations. Moreover, for discussion purposes, and not purposes of limitation, selected aspects of the methods may be described with reference to elements shown in FIGS. 1-3.

Exemplary Method I

FIG. 4 illustrates an exemplary method 400 for identifying links to accessible content for which reputation information is available. At block 402, a document, such as document 108, is scanned for the existence of a link to accessible content, such as links 110A-D to content on devices such as client device 102 and devices 104A-N. For example, a module such as content recognition module 218, can scan a document and find a next available link to accessible content in the document.

At block 404, reputation information for the link found at block 402 can be sought in one or more caches on a local computing based device and/or a remote computing based device. For example, content recognition module 218 can query content reputation cache 214 on client device 102 and/or reputation cache 312 on reputation server 120 for reputation information associated with the link found at block 402.

If reputation information for the link is not found (“no” path from block 404), method 400 can return to block 402 and scan for another link to accessible content in the document.

Alternately, if reputation for the link is found (“yes” path from block 404), the link is indicated as a link for which reputation information exists. In one implementation, the link can be presented in a color different than that of surrounding text and other links in the document for which no reputation information can be accessed. In another implementation, the link for which reputation information exists can be highlighted. In yet another implementation, an icon, such as tag 116, can be placed close to the link for which reputation information exists.

Exemplary Method II

FIG. 5 illustrates an exemplary method 500 for accessible content reputation lookup. At block 502, at least one link to accessible content in a document is presented to a user. For example, one or more links, such as links 110A-N, can be presented to a user in a document, such as document 108. The links can allow a user interacting with the document to access a wide variety of content. For example, the links can allow the user to access content on a computing-based device on which the user is viewing the document, such as client device 102, as well as from other devices electrically coupled to the computing-based device on which the user is viewing the document, such as devices 104A-N.

At block 504, the user is given the option of requesting reputation information associated with a selected link in the document by designating the link. Reputation information can include information enabling the user to assess a risk of activating the link. For example, reputation information can include information relating to a reliability of content associated with the link, information relating to a reliability of one or more applications configured to access the content upon activation of the link, and information relating to a reliability of one or more sources, such as device 102 and devices 104A-N, on which the content may reside. For example, the reputation information can indicate a tendency and/or likelihood of the content, application(s), and/or source(s) associated with the designated link to disseminate malware or otherwise cause problems on the computing-based device. Additionally, the reputation information can include data on access times for retrieving the content from the source(s).

Historical information from previous interactions with the content, application(s), and sources(s) associated with the link can be used to compile the reputation information. Such historical information can include interactions initiated from the computing-based device on which the user is viewing the document, as well as interaction initiated from other computing based devices being used by other users.

The reputation information can also include ratings of content, application(s), and source(s) associated with the link compiled by ratings organizations and/or other interested parties.

The user can designate the link for which reputation information is sought using several techniques short of activating the link. For example, the user can float a cursor over the link, place a cursor over the link and hit a mouse button or keyboard button not associated with activation of the link, and can interact with an icon, such as tag 116, proximate to the link.

At block 506, reputation information associated with the link designated in block 504 can be provided to the user. In one implementation, a module such as customer action module 220 can instigate both retrieval of reputation information associated with the link and display of the reputation information to the user. For example, the module can query either or both of the computing based device on which the user is viewing the document and a reputation server reputation server, such as reputation server 112, for reputation information associated with the designated link. In this way a local cache, such as content reputation cache 214, on the computing based device on which the user is viewing the document, as well as a remote cache, such as reputation cache 312, on the reputation server can be queried. In one implementation, the local cache can be queried first for the reputation information associated with the designated link, and if this fails to produce the desired reputation information, the remote cache on the reputation server can be queried for the reputation information.

Once reputation information is received for the designated link the reputation information can be displayed to the user in any way known in the art. For example, the reputation information can be presented in a pop up window. Alternately, the reputation information can be presented in a margin in the document proximate to the designated link. In still another exemplary implementation, the reputation information can be presented in a pull down menu, such as pull down menu 118.

In the event that no reputation information exists for the designated link, the reputation information presented to the user can include information stating that no formal reputation information can be found. For example, one or more messages such as “no reputation information exists for this link”, “no reputation information exists for content accessible via activation of this link”, “no reputation information exists for applications associated with this link” and “no reputation information exists for source(s) associated with this link” can be presented as reputation information to the user. A warning advising users to forego activating the designated link in the absence of formal reputation information can also be presented to the user.

Exemplary Method III

FIG. 6 illustrates another exemplary method 600 for accessible content reputation lookup. At block 602, a link to accessible content is presented in a document. For example, a link, such as link 110A-N, can be presented to a user in a document such as document 108. The link can allow the user to access a wide variety of content, such as content on a computing-based device, like client 102, the user is using to view the document, as well as content on other devices, like devices 104A-N, coupled to the computing-based device on which the user is viewing the document.

At block 604, the user is given the option of requesting information associated with the link by designating the link without activating the link. The user can designate the link using several techniques, including floating a cursor over the link, placing a cursor over the link and hitting a mouse button or keyboard button unassociated with activation of the link, and interacting with an icon, such as tag 116, proximate to the link.

At block 606, reputation information associated with the link can be requested from a cache when the user designates the link. Reputation information can include any information enabling the user to assess a risk of activating the link, such as information relating to a reliability of content associated with the link, information relating to a reliability of one or more applications associated with the link, and information relating to a reliability of one or more sources, such as device 102 and devices 104A-N, on which the content may reside. For example, the reputation information can include any known history of malware dissemination by the content, application(s) and/or source(s) associated with the designated link. Additionally, the reputation information could include data on access times for retrieving the content from the source(s).

The reputation information associated with the designated link can also include historical information from previous interactions with the content, application(s), and sources(s). For example, the reputation information can include information from interactions with the content, application(s), and source(s) associated with the designated link initiated from the computing-based device on which the user is viewing the document. The reputation information can also include information from interactions with the content, application(s), and source(s) associated with the designated link initiated on other computing based devices being used by other users. Additionally, the reputation information can include ratings of content, application(s), and source(s) associated with the designated link compiled by ratings organizations and/or other interested parties.

In one implementation, a module, such as customer action module 220, can request retrieval of reputation information associated with the designated link. For example, the module can query either or both of the computing based device on which the user is viewing the document and a reputation server, such as reputation server 112, for reputation information associated with the designated link. In this way a local cache, such as content reputation cache 214, on the computing based device on which the user is viewing the document, as well as a remote cache, such as reputation cache 312, on the reputation server can be queried. In one implementation, the local cache can be queried first for the reputation information associated with the designated link, and if this fails to produce the desired reputation information, the remote cache on the reputation server can be queried for the reputation information.

At block 608, the reputation information associated with the designated link is displayed to the user. The reputation information can be displayed to the user in any way known in the art. For example, the reputation information can be presented in a pop up window, in a margin proximate to the designated link, or in a pull down menu, such as pull down menu 118, associated with the designated link.

In the event that no reputation information exists for the designated link, the reputation information presented to the user can include information stating that no formal reputation information can be found. Moreover, a warning advising users to forego activation of the designated link in the absence of reputation information can also be presented to the user.

CONCLUSION

Although embodiments of accessible content reputation lookup have been described in language specific to structural features and/or methods, it is to be understood that the subject of the appended claims is not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as exemplary implementations of accessible content reputation lookup. 

1. A computer implemented method operable on a processor, the method comprising: recognizing links to accessible content in text of a document; presenting in the document a link to the accessible content, the presenting including indicating whether the link has reputation information associated to it, wherein the reputation information includes a history of an application associated with the link to the accessible content and a history of a device storing the accessible content, the history of the device indicating a reputation for the device based on a likelihood of the device to disseminate malware and a length of an access time for retrieving content from the device; facilitating designation, by a user, of the link to request reputation information associated with the link, the requesting including querying a plurality of caches for the reputation information in a predetermined order, the plurality of caches comprising a local cache and a remote cache, wherein the local cache comprises a subset of the remote cache, the subset including reputation information that changes less often than reputation information of the remote cache not included in the subset; and providing the reputation information associated with the link to the user in a categorized pull down menu, the pull down menu displaying the reputation information and at least one category of the reputation information, the at least one category being based on content, an application, and/or a device with which the link is associated.
 2. A method as recited in claim 1, wherein the presenting includes: determining whether the reputation information is accessible for the link; and indicating to the user that the link is one for which reputation information can be accessed by one or more of: underlining the link; shading the link; presenting the link in a different color than that of surrounding text and other links for which no reputation information is available; presenting an icon proximate the link.
 3. A method as recited in claim 1, wherein the facilitating includes enabling the user to designate the link by floating a cursor over the link.
 4. A method as recited in claim 1, wherein the providing includes querying the local cache for the reputation information prior to querying the remote cache.
 5. A method as recited in claim 1, further comprising querying a cache on a remote device when the reputation information is not available in the local cache.
 6. A method as recited in claim 1, wherein the providing includes reporting to the user that no reputation information can be returned when the reputation information cannot be accessed.
 7. A method as recited in claim 1, wherein the providing includes blocking activation of the link when the reputation information indicates a risk to the user in accessing one or more of: the accessible content associated with the link; one or more sources associated with the link; one or more applications associated with the link.
 8. A method as recited in claim 7, further comprising enabling the user to override the blocking.
 9. A method as recited in claim 1, further comprising enabling the user to provide comments regarding a quality of the reputation information.
 10. A computer-readable medium having computer-readable instructions residing thereon that, when executed, perform acts comprising: recognizing links to accessible content in text of a document; presenting in the document a link to the accessible content, the presenting including indicating whether the link has reputation information associated to it, wherein the reputation information includes a history of an application associated with the link to the accessible content and a history of a device storing the accessible content, the history of the device indicating a reputation for the device based on a likelihood of the device to disseminate malware and a length of an access time for retrieving content from the device; allowing a user to designate the link without activating the link; requesting reputation information associated with the link from a plurality of caches when the user designates the link, wherein the requesting includes a first query to a local reputation cache and a subsequent query to a remote cache, when the first query fails to produce a desired reputation information, wherein the local cache comprises a subset of the remote cache, the subset including reputation information that changes less often than reputation information of the remote cache not included in the subset; and displaying the reputation information associated with the link to the user in a categorized pull down menu, the pull down menu displaying the reputation information and at least one category of the reputation information, the at least one category being based on content, an application, and/or a device with which the link is associated.
 11. A computer-readable medium as recited in claim 10 having a set of computer-readable instructions that, when executed, perform acts further comprising placing an icon proximate to the link, wherein the user can designate the link by selecting the icon.
 12. A computer-readable medium as recited in claim 10 having a set of computer-readable instructions that, when executed, perform acts further comprising enabling prepopulation of the cache with reputation information for the link.
 13. A computer-readable medium as recited in claim 10 having a set of computer-readable instructions that, when executed, perform acts further comprising recommending that the user forego activation of the link if too little reputation information exists in the cache to indicate that a risk of activating the link is below an acceptable threshold.
 14. A computing-based device comprising: a processor; a memory including a content reputation module comprising: a content recognition module configured to identify links to accessible content in a document and to present in the document a link to the accessible content such that the presentation indicates whether the link has reputation information associated to it; and a customer action module configured to react to a designation of a link to accessible content in the document by retrieving reputation information associated with the link, the reputation information including a history of an application associated with the link to the accessible content and a history of a device storing the accessible content, the history of the device indicating a reputation for the device based on a likelihood of the device to disseminate malware and a length of an access time for retrieving content from the device, wherein the reputation information can be used to assess a risk of activating the link, wherein the customer action module is configured to first query a local reputation cache for the reputation information, and the customer action module is configured to next query a remote cache for the reputation information when the first query fails to produce a desired reputation information, wherein the local reputation cache comprises a subset of the remote cache, the subset including reputation information that changes less often than reputation information of the remote cache not included in the subset, the customer action module further configured to display the reputation information associated with the link to a user in a categorized pull down menu, the pull down menu displaying the reputation information and at least one category of the reputation information, the at least one category being based on content, an application, and/or a device with which the link is associated.
 15. A computing-based device as recited in claim 14, wherein the document includes one or more of: a webpage; an instant messaging window; an email message; a page presented in a word processing application: content presented in an application.
 16. A computing-based device as recited in claim 14, wherein the customer action module is configured to block activation of the link when the reputation information indicates a risk to the user in accessing one or more of: the accessible content; an application configured to access the accessible content upon activation of the link to accessible content; one or more sources on which the accessible content resides.
 17. A computing-based device as recited in claim 14, wherein the customer action module is further configured to allow a user of the computing-based device to comment on a quality of the reputation information.
 18. A computing-based device as recited in claim 14, further comprising the local cache.
 19. A computing-based device as recited in claim 14, wherein the document includes a word processing document presented in a word processing application.
 20. A computing-based device as recited in claim 14, wherein the content recognition module is configured to present one or more links for which reputation information exists by one or more of: underlining the one or more links; shading the one or more links; presenting the one or more links in a different color than that of surrounding text; including one or more icons proximate the one or more links. 